Congress Passes Bill Forcing Tech Companies To Disclose Foreign Software Probes

An anonymous reader quotes a report from Reuters: The U.S. Congress is sending President Donald Trump legislation that would force technology companies to disclose if they allowed countries like China and Russia to examine the inner workings of software sold to the U.S. military. Companies would be required to address any security risks posed by the foreign source code reviews to the satisfaction of the Pentagon, or lose the contract. The legislation also creates a database, searchable by other government agencies, of which software was examined by foreign states that the Pentagon considers a cyber security risk. It makes the database available to public records requests, an unusual step for a system likely to include proprietary company secrets. The final version of the bill was approved by the Senate in a 87-10 vote on Wednesday after passing the House last week. The spending bill is expected to be signed into law by Trump.

Re:Linux Distros

[Jaime2]

Seems unlikely. A foreign government would never need to ask to review public source code, so there would never be an approval for which paperwork would be necessary.

Let's start cracking the whip

[MikeRT]

I am a lot less concerned about the PRC being allowed to view the code for Oracle DB or Windows than I am about allowing Chinese citizens to be employed to work on them. The human intelligence network run by PRC intelligence puts anything the US or Russians have ever had to shame because they can rely on Chinese nationalism in the civilian population to get part-time assets in places we never could. It should be taken as a given that the PRC has agents in Microsoft and Oracle because that's how they roll.

If any of that sounds outlandish, read this. As just one example, in terms of influencing public policy, the PRC is way worse than anything most liberals believe about Russia.